add an array of session ids to retain.

Shane Kilkelly 2016-07-05 14:20:47 +01:00
parent 6e282ab308
commit 5b9903551a
4 changed files with 17 additions and 10 deletions


@ -121,7 +121,7 @@ module.exports = UserController =
logger.log user: user, "password changed" logger.log user: user, "password changed"
AuthenticationManager.setUserPassword user._id, newPassword1, (error) -> AuthenticationManager.setUserPassword user._id, newPassword1, (error) ->
return next(error) if error? return next(error) if error?
UserSessionsManager.revokeAllUserSessions user, (err) -> UserSessionsManager.revokeAllUserSessions user, [req.sessionID], (err) ->
return next(err) if err return next(err) if err
res.send res.send
message: message:
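Review bot: `[req.sessionID]` is a raw session id, but UserSessionsManager tests the retain list with `k not in retain` against the members of the UserSessions set, which it passes unchanged to `rclient.del` and which are therefore Redis keys. If those keys carry a store prefix (not visible on this page), the comparison never matches and the session that just changed the password is revoked along with the rest. Converting inside the manager keeps callers simple, e.g. `retain = retain.map (id) -> <session key built from id>`, using the same key-building helper that is used when a session is tracked. The enclosing handler starts and ends outside this hunk.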


@ -2,6 +2,7 @@ Settings = require('settings-sharelatex')
redis = require('redis-sharelatex') redis = require('redis-sharelatex')
logger = require("logger-sharelatex") logger = require("logger-sharelatex")
Async = require('async') Async = require('async')
_ = require('underscore')
rclient = redis.createClient(Settings.redis.web) rclient = redis.createClient(Settings.redis.web)
@ -57,7 +58,9 @@ module.exports = UserSessionsManager =
UserSessionsManager._checkSessions(user, () ->) UserSessionsManager._checkSessions(user, () ->)
callback() callback()
revokeAllUserSessions: (user, callback=(err)->) -> revokeAllUserSessions: (user, retain, callback=(err)->) ->
if !retain
retain = []
if !user if !user
logger.log {}, "no user to revoke sessions for, returning" logger.log {}, "no user to revoke sessions for, returning"
return callback(null) return callback(null)
@ -67,10 +70,11 @@ module.exports = UserSessionsManager =
if err if err
logger.err {err, user_id: user._id, sessionSetKey}, "error getting contents of UserSessions set" logger.err {err, user_id: user._id, sessionSetKey}, "error getting contents of UserSessions set"
return callback(err) return callback(err)
logger.log {user_id: user._id, count: sessionKeys.length}, "deleting sessions for user" keysToDelete = _.filter(sessionKeys, (k) => k not in retain)
logger.log {user_id: user._id, count: keysToDelete.length}, "deleting sessions for user"
rclient.multi() rclient.multi()
.del(sessionKeys) .del(keysToDelete)
.srem(sessionSetKey, sessionKeys) .srem(sessionSetKey, keysToDelete)
.exec (err, result) -> .exec (err, result) ->
if err if err
logger.err {err, user_id: user._id, sessionSetKey}, "error revoking all sessions for user" logger.err {err, user_id: user._id, sessionSetKey}, "error revoking all sessions for user"
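Review bot: When every member of the set is in `retain` (for example a user whose only session is the one changing the password), `keysToDelete` is empty and the multi still runs `.del(keysToDelete)` and `.srem(sessionSetKey, keysToDelete)`. Redis rejects DEL and SREM without members, so, depending on how the client serialises an empty array, the exec is likely to fail and the error reaches the caller after the password has already been set. A guard before `rclient.multi()` avoids that: `return callback(null) if keysToDelete.length == 0`. Separately, the `if !retain` default does not cover a caller still using the old `(user, callback)` form, whose callback would be taken as `retain` and never invoked. revokeAllUserSessions continues past the end of this hunk.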


@ -47,7 +47,7 @@ describe "UserController", ->
@UserSessionsManager = @UserSessionsManager =
trackSession: sinon.stub() trackSession: sinon.stub()
untrackSession: sinon.stub() untrackSession: sinon.stub()
revokeAllUserSessions: sinon.stub().callsArgWith(1, null) revokeAllUserSessions: sinon.stub().callsArgWith(2, null)
@UserController = SandboxedModule.require modulePath, requires: @UserController = SandboxedModule.require modulePath, requires:
"./UserLocator": @UserLocator "./UserLocator": @UserLocator
"./UserDeleter": @UserDeleter "./UserDeleter": @UserDeleter
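Review bot: The retain list is not covered by any assertion visible in this change: this stub only moves the callback to argument 2, and the UserSessionsManager tests call `revokeAllUserSessions` with `[]` only. Since the list decides which sessions survive a password change, the controller test should pin it, for example `@UserSessionsManager.revokeAllUserSessions.firstCall.args[1].should.deep.equal [@req.sessionID]` (assuming the test's request object is `@req`). The manager tests also need a case with a non-empty list asserting that the retained key is absent from the `del` and `srem` arguments. The test bodies are outside this hunk, so an existing assertion may already cover the controller side.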


@ -254,7 +254,7 @@ describe 'UserSessionsManager', ->
@rclient.smembers.callsArgWith(1, null, @sessionKeys) @rclient.smembers.callsArgWith(1, null, @sessionKeys)
@rclient.exec.callsArgWith(0, null) @rclient.exec.callsArgWith(0, null)
@call = (callback) => @call = (callback) =>
@UserSessionsManager.revokeAllUserSessions @user, callback @UserSessionsManager.revokeAllUserSessions @user, [], callback
it 'should not produce an error', (done) -> it 'should not produce an error', (done) ->
@call (err) => @call (err) =>
@ -266,10 +266,13 @@ describe 'UserSessionsManager', ->
@call (err) => @call (err) =>
@rclient.smembers.callCount.should.equal 1 @rclient.smembers.callCount.should.equal 1
@rclient.multi.callCount.should.equal 1 @rclient.multi.callCount.should.equal 1
@rclient.del.callCount.should.equal 1 @rclient.del.callCount.should.equal 1
@rclient.del.firstCall.args[0].should.deep.equal(@sessionKeys) expect(@rclient.del.firstCall.args[0]).to.deep.equal @sessionKeys
@rclient.srem.callCount.should.equal 1 @rclient.srem.callCount.should.equal 1
@rclient.srem.firstCall.args[1].should.deep.equal(@sessionKeys) expect(@rclient.srem.firstCall.args[1]).to.deep.equal @sessionKeys
@rclient.exec.callCount.should.equal 1 @rclient.exec.callCount.should.equal 1
done() done()
@ -287,7 +290,7 @@ describe 'UserSessionsManager', ->
beforeEach -> beforeEach ->
@call = (callback) => @call = (callback) =>
@UserSessionsManager.revokeAllUserSessions null, callback @UserSessionsManager.revokeAllUserSessions null, [], callback
it 'should not produce an error', (done) -> it 'should not produce an error', (done) ->
@call (err) => @call (err) =>